Advanced TCP Protection setup
Follow the steps described in the following sections to get started with Advanced TCP Protection.
1. Request initial configuration
When you get access to Advanced TCP Protection, there are no configured thresholds in your account.
Thresholds are based on your network’s individual behavior, derived from your traffic profile as monitored by Cloudflare. Defining the thresholds will effectively determine what the High, Medium, and Low will be for your specific case.
Ask your Implementation Manager to configure initial threshold values.
Once thresholds are configured, the Implementation Manager will let you know that Advanced TCP Protection has been initialized and can be configured and enabled.
2. Add prefixes
You cannot add unapproved prefixes to Advanced TCP Protection. Contact your account team to get help with prefix approvals.
3. (Optional) Add IP addresses or prefixes to the allowlist
4. Create a global configuration
Optionally, you can create for each protection system component (SYN flood protection and out-of-state TCP protection). A filter modifies Advanced TCP Protection’s — monitoring, mitigation (enabled), or disabled — for all incoming packets matching an expression.
5. Enable Advanced TCP Protection
- In the Cloudflare dashboard, go to Account Home > L3/4 DDoS > Advanced TCP Protection.
- Under General settings, toggle the feature status to Enabled.